A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics
Network Forensics Investigators apply most of the network monitoring tools, such as Snort or WinPcap to monitor or identify potential evidence to be collected and stored. However, these tools are lack of protection mechanisms to keep the evidence safe as well as the rising issues of chain-of-custody...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2012
|
| Subjects: | |
| Online Access: | http://umpir.ump.edu.my/id/eprint/3668/1/48ICoCSIM.pdf http://umpir.ump.edu.my/id/eprint/3668/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.ump.umpir.3668 |
|---|---|
| record_format |
eprints |
| spelling |
my.ump.umpir.36682015-03-03T08:02:31Z http://umpir.ump.edu.my/id/eprint/3668/ A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics Mohd Izham, Ibrahim Aman, Jantan Mohammad, Rasmi QA76 Computer software Network Forensics Investigators apply most of the network monitoring tools, such as Snort or WinPcap to monitor or identify potential evidence to be collected and stored. However, these tools are lack of protection mechanisms to keep the evidence safe as well as the rising issues of chain-of-custody that are not properly managed or addressed. Therefore, people with intentions may disrupt the collection process and tampered the contents of the stored evidence. Considering these issues, this paper proposes a Defensive Evidence Model (DEM) to manage the evidence collection processes as well as providing defensive measures to protecting the evidence. Features of DEM were adapted from four security models; Bell-LaPadula, Biba, Clark-Wilson and Goguen-Meseguer Model and integrated with the Forensics Investigation process. The assessment of DEM performed from two different aspects, first by analyzing the attack and second, evaluating the process through CIAA security requirements to determine the workability of the created model. 2012-12-03 Conference or Workshop Item PeerReviewed application/pdf en http://umpir.ump.edu.my/id/eprint/3668/1/48ICoCSIM.pdf Mohd Izham, Ibrahim and Aman, Jantan and Mohammad, Rasmi (2012) A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics. In: International Conference on Computational Science and Information Management (ICoCSIM), 3-5 December 2012 , Toba Lake, North Sumatera, Indonesia. pp. 251-258.. |
| institution |
Universiti Malaysia Pahang |
| building |
UMP Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Malaysia Pahang |
| content_source |
UMP Institutional Repository |
| url_provider |
http://umpir.ump.edu.my/ |
| language |
English |
| topic |
QA76 Computer software |
| spellingShingle |
QA76 Computer software Mohd Izham, Ibrahim Aman, Jantan Mohammad, Rasmi A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics |
| description |
Network Forensics Investigators apply most of the network monitoring tools, such as Snort or WinPcap to monitor or identify potential evidence to be collected and stored. However, these tools are lack of protection mechanisms to keep the evidence safe as well as the rising issues of chain-of-custody that are not properly managed or addressed. Therefore, people with intentions may disrupt the collection process and tampered the contents of the stored evidence. Considering these issues, this paper proposes a Defensive Evidence Model (DEM) to manage the evidence collection processes as well as providing defensive measures to protecting the evidence. Features of DEM were adapted from four security models; Bell-LaPadula, Biba, Clark-Wilson and Goguen-Meseguer Model and integrated with the Forensics Investigation process. The assessment of DEM performed from two different aspects, first by analyzing the attack and second, evaluating the process through CIAA security requirements to determine the workability of the created model. |
| format |
Conference or Workshop Item |
| author |
Mohd Izham, Ibrahim Aman, Jantan Mohammad, Rasmi |
| author_facet |
Mohd Izham, Ibrahim Aman, Jantan Mohammad, Rasmi |
| author_sort |
Mohd Izham, Ibrahim |
| title |
A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics |
| title_short |
A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics |
| title_full |
A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics |
| title_fullStr |
A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics |
| title_full_unstemmed |
A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics |
| title_sort |
defensive evidence model: an approach of security model for storing digital evidence in network forensics |
| publishDate |
2012 |
| url |
http://umpir.ump.edu.my/id/eprint/3668/1/48ICoCSIM.pdf http://umpir.ump.edu.my/id/eprint/3668/ |
| _version_ |
1643664852376354816 |
| score |
13.211869 |